为什么下划线被禁止在HTTP头名 [英] Why underscores are forbidden in HTTP header names

问题描述

几个月前，我曾与一个名为SESSION_ID的自定义HTTP标头出了问题，没有被nginx的代理转移。

Few month ago I had a problem with a custom HTTP header named "SESSION_ID", not been transfered by nginx proxy.

我已经告诉下划线根据HTTP协议的RFC禁止的。

I've been told that underscores are prohibited according to RFC of HTTP protocol.

谷歌搜索，我发现，大多数服务器如阿帕奇或的nginx 将其定义为非法的。

Googling, I've found that most servers like apache or nginx define them as illegal.

RFC2616 部分4.2说

遵循相同的通用格式，在RFC的3.1节给出822 [9]

follow the same generic format as that given in Section 3.1 of RFC 822 [9]

和 RFC822 说：

字段名称必须由可打印的ASCII字符
          （即，33和126之间的值的字符，
          小数，除了冒号）

The field-name must be composed of printable ASCII characters (i.e., characters that have values between 33. and 126., decimal, except colon)

下划线是ASCII表（属于33-126范围）95小数字符。
我缺少什么？

underscore is 95 decimal character in ASCII table (belongs to 33-126 range). What am I missing?

推荐答案

他们不是被禁止的。这是CGI遗产。 这里

They are not forbidden. It's CGI legacy. Here

如果你不明确设置上underscores_in_headers; ，nginx的将自动删除下划线HTTP标头（这是完全合法根据HTTP标准）。这样做是为了映射标头CGI变量时做prevent歧义，因为这两个破折号和下划线在这个过程映射到下划线。

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

这篇关于为什么下划线被禁止在HTTP头名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！